[Snort-users] GET SOME TROUBLE CONFIGURING SNORT 3

Russ rucombs at cisco.com
Wed May 30 00:58:56 EDT 2018


Francis,

The manual, and the command line help from which it is derived, indicate 
the default values.

Under Concepts / Parameters in the manual you will find the parameter 
help format:

     type name = default: help { range }

So this help:

$ src/snort --help-config unified2 | grep -E "legacy_events|nostamp"
bool unified2.legacy_events = false: generate Snort 2.X style events for 
barnyard2 compatibility
bool unified2.nostamp = true: append file creation time to name (in Unix 
Epoch format)

means that by default unified2 legacy events and time stamps are disabled.

Thanks
Russ

On 5/28/18 4:37 AM, Francis Ahadji via Snort-users wrote:
> Hello evrebody,
>
> I am french man, so forgive me if my english is bad.
> I have some trouble configuring SNORT 3. In the manual it is says to 
> use this value ;
> *legacy_events*= false: generate Snort 2.X style events for barnyard2 
> compatibility
> *nostamp*= true: append file creation time to name
>
> But i was forced to use the opposite value to have log event 
> compatible for barnyard2
> and creation time append to name.
>
> *legacy_events*= true: generate Snort 2.X style events for barnyard2 
> compatibility
> *nostamp*= false : append file creation time to name
>
>
> Can somebody explain me why i found that result, or is there any 
> trouble in version 3 if snort.
>
> Thanks
>
>
> -- 
> AHADJI Francis
> Technicien Réseaux
> 98046975
> 91544836
>
> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> 
> 	Garanti sans virus. www.avast.com 
> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> 
>
>
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.snort.org
> Go to this URL to change user options or unsubscribe:
> https://lists.snort.org/mailman/listinfo/snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
>
> Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20180530/dd24a4c2/attachment.html>


More information about the Snort-users mailing list